This action is in response to the communication filed on 3/25/2008.

DETAILED ACTION

Claims 25-27 have been examined.

Title

The title of the invention is acceptable.

Information Disclosure Statement

The information disclosure statement(s) (IDS) submitted on 4/15/2004 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statements.

Drawings

The drawings filed on 4/15/2004 are acceptable for examination proceedings.

Claim Rejections - 35 USC §102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States before the invention by the applicant for patent, except that an international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an application filed in the United States only if the international application designated the United States and was published under Article 21(2) of such treaty in the English language.

Claim 25 is rejected under 35 U.S.C. 102(e) as being anticipated by Redlich et al. (US Patent Number 7,322,047), hereinafter referred to as Redlich.

Regarding claim 25, Redlich disclosed a method for selective encryption within a document comprising: detecting a document encryption request (Redlich Col. 53 Lines 10-33: Step 612); activating a document encryption routine (Redlich Col. 53 Lines 10-33: Email Security System Begins); accessing a proposed document for encryption and tagging one or more sections of the proposed document as designated for encryption (Redlich Col. 53 Lines 10-33: Step 612 Highlighting); encrypting the tagged sections with multiple encryption keys (Redlich Col. 53 Lines 10-33: Step 618 and Col. 48 Lines 42-55: different cipher keys); extracting the encrypted sections from the document (Redlich Col. 53 Lines 10-33: Step 616); marking locations in the document where the extracted sections were located (Redlich Col. 51 Lines 21-27: Placeholders); storing extracted sections from the document in an appendix attached to the document (Redlich Col. 53 Lines 38-40: secured data in encrypted form is attached or appended to the original e-mail containing remainder data); receiving a request to access an encrypted section of the document (Redlich Col. 54 Lines 28-34: addressee opens the attachment); determining whether a received decryption key for the encrypted section of the document for which the access request was made is proper for that encrypted section (Redlich Col. 54 Lines 56-64, Col. 49 Lines 2-11, and Col. 39 Lines 26-45: detects and confirms the users clearance level...and cleared data...is sent to the respective user); when the determination is that the received decryption key is proper, retrieving and decrypting the section of the document for which the access request was made (Redlich Col. 54 Lines 56-64, Col. 49 Lines 2-11, and Col. 39 Lines 26-45: detects and confirms the users clearance level...and cleared data...is sent to the respective user); and displaying the decrypted section of the document (Redlich Col. 37 Lines 19-21).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 26-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over Redlich.

While Redlich disclosed determining whether there is a request to access another encrypted section of the document (Redlich Col. 54 Lines 56-64, Col. 49 Lines 2-11, and Col. 39 Lines 26-45: detects and confirms the users clearance level...and cleared data...is sent to the respective user); and when there is determination that there is a request to access another encrypted section of the document, repeating the steps of: determining whether a received decryption key for the encrypted section of the document for which the access request was made is proper for that encrypted section; when the determination is that the received decryption key is proper, retrieving and decrypting the section of the document for which the access request was made; and displaying the decrypted section of the document (Redlich Col. 54 Lines 56-64, Col. 49 Lines 2-11, and Col. 39 Lines 26-45: detects and confirms the users clearance level...and cleared data...is sent to the respective user), Redlich failed to specifically disclose the other request occurring after the first displaying. However, Redlich did disclose multiple users with varying security clearances accessing different portions of the document (Redlich Col. 39 Lines 26-45).

It would have been obvious to the ordinary person skilled in the art at the time of the invention that one user may access the document after another user has accessed and displayed decrypted portions of the document. This would have been obvious because the ordinary person skilled in the art would have been motivated to provide flexibility in the permitted access times for each user, and further would have recognized that different users access email at varying times.



Conclusion

Claims 25-27 have been rejected.

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T. HENNING whose telephone number is (571)272-3790. The examiner can normally be reached on M-F 8-4.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Matthew T Henning/
Examiner, Art Unit 2131

/Ayaz R. Sheikh/
Supervisory Patent Examiner, Art Unit 2131

BACKGROUND OF THE INVENTION

FIELD OF THE INVENTION

The invention relates to document encryption and access restrictions on documents and more particularly to the encryption of each portion of a document such that access rights to respective portions may be obtained with corresponding keys.

BACKGROUND

Various kinds of document access protection are known. In one example, EP 0 848 314 A1 for DOCUMENT SECURITY SYSTEM AND METHOD, only documents to which the user has rights are generated from a database. Varying security levels are provided. Another system described in US Patent No. 5,052,040 for MULTIPLE USER STORED DATA CRYPTOGRAPHIC LABELING SYSTEM AND METHOD permits different users to utilize the same files. The system exploits an extension of the file label which contains configuration capabilities and user rights and privileges. The separate user rights and privileges in this case relate to the entire document such as read only, read and write, deletion, etc. The document is encrypted. Another prior art system is described in US Patent No. 6,011,847 for CRYPTOGRAPHIC ACCESS AND LABELING SYSTEM. In this system, encryption and decryption of files uses a relational key generated by the system. A computer program also generates a series of labels that are encrypted and appended as a trailer to the encrypted message. The encrypted labels provide a history behind the particular encryption and they can be individually selected, separated, and decrypted from the total file. An access control module provides access to an encryption portion of the document to users with passphrases by comparing a generated vector or key with a partially decrypted version of a second vector or key stored on a portable storage medium such as a floppy disk. In response, a main key can be generated to encrypt or decrypt the labels. The latter system is mainly concerned with adding descriptive labels to the end of an encrypted document and contains a key exchange method for passing the decryption key between a server and a client.

Other prior art systems and methods are known, but none contain a very convenient, robust, and straightforward method for encryption-protection of different parts of a document based on access privileges.

SUMMARY OF THE INVENTION

A method and system for selectively encrypting and decrypting different sections of a document provides different access levels in a technique employing different keys. The documents may be encrypted at a document section level ("section" here used according to its general meaning) and uses a different set of encryption keys for each section. A user A with an access level 1 may access only those sections encoded with access level 1 plus unencoded sections. An application example of this technique is in hospitals. A patient's records may each be segmented into separately-encrypted portions giving access to nurses for only suitable material while giving broader access to doctors. Thus, this example illustrates access control to information contained inside a document based on pre-defined roles accepted within a specific environment. The nurse would be provided with an access level key based on the access control rules defined by the hospital. Such key would allow the nurse to gain access to those parts of the document for which nurses have rights. There could also be a level to which only the primary care physician or health care proxy has access.

A method for distributing keys is also provided. This method utilizes a key box which is created for holding keys used to encode the sections of the document. The key box contains a slot for each level of access. The set of keys that a user at a given level requires is placed in a corresponding slot. Each slot is encoded using the access level public key giving the user access to the keys in the appropriate slot when decrypted using the user's private key.

An additional feature provides an outer layer of encryption using a public key for a requesting organization. Once the requesting organization opens the document using its private key, anyone in the receiving organization can apply their access level private key(s) to the key box, which in turn applies the keys in the corresponding slot to the document. This allows each user to view/modify the parts of the document to which they have access rights.

The invention will be described in connection with certain preferred embodiments, with reference to the following illustrative figures so that it may be more fully understood. The description of this invention uses the definition of public key to correspond to the public portion of the public/private key pair that is used in the art to realize asymmetric algorithms. The description of this invention uses the definition of private key to correspond to the private portion of the public/private key pair that is used in the art to realize asymmetric algorithms. The description of this invention uses the definition of symmetric key to refer to a single key that is used in the art to realize symmetric algorithms.

With reference to the figures, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of the preferred embodiments of the present invention only, and are presented in the cause of providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the invention. In this regard, no attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the invention may be embodied in practice.

BRIEF DESCRIPTION OF THE DRAWING

Fig. 1 is an illustration of a computer environment in which the invention may be used.

Fig. 2A is an illustration of a document indicating separate sections and the encryption processes to be applied to each section according to first embodiment of the invention in which public keys are used for encryption.

Fig. 2B is an illustration of a document indicating separate sections and the encryption processes to be applied to each section according to second embodiment of the invention in which public keys are used for encryption.

Fig. 3 is an illustration of a document indicating separate sections and the encryption processes to be applied to each section according to third embodiment of the invention in which document-specific keys are used.

Fig. 4 is an illustration of a key box document used with the embodiment of Fig. 3.

Fig. 5 is an illustration of a process for encrypting a document according to an embodiment compatible with any of the foregoing embodiments.

Fig. 6 is an illustration of a process for encrypting a document according to an embodiment compatible with any of the foregoing embodiments.

Fig. 7 is an alternative way of packaging the key box in a transmission by including it within a single document.



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Referring to Fig. 1, the invention may be used in the environment of electronic document transfer. An example of such an environment is a sending computer 110 and a receiving computer 120 connected by a network 100 or simply by physical transfer of a non-volatile data store 90 such as a floppy disk.

Referring to Fig. 2A, a document 95 contains various sections 130, 135, 140, and 145. Each section is divided according to how the information contained in the section is desired to be made available to a particular person (organization or other entity) or class of persons. The document 95 is intended to be transferred by the sender 110 to the receiver 120, the receiver including each of the persons or classes of persons. The sections labeled 130 and 145 are encrypted with a public key L1 corresponding to the first user or class of users. The section labeled 135 is encrypted with a second public key L2 corresponding to the second user or class of users. By virtue of being embedded in the section 135, section 145 is also encrypted with the L2 public key.

Referring to Fig. 2B, the various sections may be encrypted with only one key or all keys from the access level to which they correspond down to the lowest level of access. Thus, in this example, document section 145 is encrypted with both the L1 and L2 keys, but so is document section 130. Alternatively, each section may be encrypted with only a single key, so that a level 1 section appearing in a level 2 section is simply treated as a completely separate section with the level 2 section being broken into separate subsections for L2 encryption. The encryption methods described above permit multilevel access to a document based on the public keys of the intended audience. It is possible to limit access based on the user as well as the particular document as shown in the next embodiment.

Referring now to Figs. 3 and 4, the document sections are encrypted with respective document keys, a respective one for each access level defined within the scope of the document. The document keys may be symmetric keys. The latter are not shared outside of the context of use of the document and the user need never directly know what the symmetric keys are. These document keys are then made available to the recipients by encrypting them into a separate document (which could be part of the original document as in a file header as illustrated in Fig. 7) called a key box. The key box has a slot corresponding to each access level defined within the scope of the organization that is requesting such document. A first slot 1 210 contains document keys for access levels 1 and 2 giving the user access to both levels. A second slot 1 215 contains document keys for access level 2. Each slot is encrypted using the public key of the organization that corresponds to the access level of the slot. The entire key box file and the document may be encrypted using the public key of the user to ensure confidentiality of the transmission of the document and the key box. Additionally, the key box and the document may be signed by the sender 110 to ensure integrity of the transmission and authenticity of the document.

The preceding embodiment contemplates an agreement between the sender of the document who prepares the encryption and the organization receiving the document. This agreement would map access levels used in encrypting the document to the access levels in place at the receiver. For a given document, a given organization level may map to a single document access level. Alternatively, a given organization level may map to multiple document access levels.

Preferably, to assure data integrity and non-repudiation, the document source may sign the document hash with a private key. The requestor receiving the document together with the signature can then vouch for the validity of the source. Other mechanisms for authenticating the document's contents may also be used.

When a person with access level N opens the document, he/she presents his/her organization access level private key, which corresponds to the asymmetric key pair, to a decryption process that uses the key to access the appropriate slot in the key box. The symmetric keys may be used by the process to access the appropriate levels of the document transparently to the user. The user never "handles" the symmetric document keys and simply accesses the portions of the document the user has permission to access.

Referring now to Fig. 5, the detailed steps for creating, sending, receiving, and using a document begin with the receipt of a request S10 for the document and the appropriate information such as the public keys of the users, a map of users to access levels, etc. Next, a key is created for each access level required S20. The document is then encrypted starting with the highest (most privileged) access level and going down S30. This may result in the layered encryption of either of Figs. 2A and 2B or the alternative process where each level is only encrypted once. The keys are formed into a key box document and each set separately encrypted using the public keys of the access levels S45. Then the document and key box are bundled and optionally encrypted using the public key of the receiver S55.

When the receiver receives the file containing the encrypted document and the key box, the package is unbundled and optionally decrypted S60. The document and key box are then made available to the users S70. When a user accesses the document, the user provides his/her organization access level private key to a decryption process on a receiving computer (e.g. 120) which uses the key to decrypt the appropriate slot of the key box S75. The process then applies the symmetric keys, obtained from the decrypted slot in the key box, S80 to the document to allow the user to access the document S85. The user never directly accesses the symmetric access level keys or even concerns him/herself with how many keys are involved.
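
The key box flow of steps S20 to S85, as an added Python example that is not code from the application: it uses the slot layout described for Figs. 3 and 4, where the level 1 slot holds the level 1 and level 2 document keys and the level 2 slot holds only the level 2 key. Assumptions: only the standard library is used, so `seal`/`unseal` (SHAKE-256 keystream plus HMAC-SHA-256 tag) stand in for a vetted authenticated cipher, and each slot is sealed under a per-level secret standing in for the access-level public/private key pair; all function names, the physician/nurse mapping and the sample record are constructed.

```python
import hashlib
import hmac
import json
import secrets

TAG_LEN, NONCE_LEN = 32, 16


def _subkeys(key):
    """Independent encryption and MAC keys from one secret."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC; stdlib stand-in for a vetted AEAD (assumption)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(key, blob):
    """Check the tag first; a key that is not proper raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key is not proper for this slot or section")
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def build_package(sections, slot_grants, level_secrets):
    """S20-S45. level_secrets stands in for the level key pairs (assumption)."""
    levels = {lvl for lvl, _ in sections if lvl is not None}
    doc_keys = {lvl: secrets.token_bytes(32) for lvl in levels}
    document = []
    for lvl, text in sections:
        data = text if lvl is None else seal(doc_keys[lvl], text.encode()).hex()
        document.append({"level": lvl, "data": data})
    key_box = {}
    for slot, grants in slot_grants.items():
        payload = json.dumps({str(g): doc_keys[g].hex() for g in grants})
        key_box[slot] = seal(level_secrets[slot], payload.encode()).hex()
    return {"document": document, "key_box": key_box}


def open_document(package, level, level_secret):
    """S75-S85: open the caller's slot, decrypt only the sections it covers."""
    slot = unseal(level_secret, bytes.fromhex(package["key_box"][level]))
    keys = {int(k): bytes.fromhex(v) for k, v in json.loads(slot).items()}
    view = []
    for sec in package["document"]:
        if sec["level"] is None:
            view.append(sec["data"])
        elif sec["level"] in keys:
            blob = bytes.fromhex(sec["data"])
            view.append(unseal(keys[sec["level"]], blob).decode())
        else:
            view.append("[withheld]")
    return view


# Constructed sample. Level 1 = physician, level 2 = nurse (assumed mapping).
SECTIONS = [
    (None, "Patient record, ward 4"),
    (2, "Medication schedule: 08:00 and 20:00"),
    (1, "Diagnosis notes for the attending physician"),
]
# Slot layout from the description: slot 1 holds keys 1 and 2, slot 2 holds key 2.
SLOT_GRANTS = {1: [1, 2], 2: [2]}


def demo():
    level_secrets = {1: secrets.token_bytes(32), 2: secrets.token_bytes(32)}
    pkg = build_package(SECTIONS, SLOT_GRANTS, level_secrets)
    physician = open_document(pkg, 1, level_secrets[1])
    nurse = open_document(pkg, 2, level_secrets[2])
    try:
        # The level 2 secret presented against the level 1 slot must fail.
        open_document(pkg, 1, level_secrets[2])
        cross = "accepted"
    except ValueError:
        cross = "rejected"
    return physician, nurse, cross


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The user-facing call takes only the level secret; the document keys stay inside `open_document`, which mirrors the statement above that the user never handles the symmetric keys.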

Referring to Fig. 6, in an alternative embodiment, the public keys of the receivers are not used to encrypt the document. Rather, step S45 is skipped and the key box is simply encrypted using the organization's public key. At the receiving organization, an additional step S90 between S65 and S70 is added wherein the slots of the key box are mapped to the access levels present in the organization and encrypted with the appropriate public keys of the users or group of users.

It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

CLAIMS:

1. A method of securely transmitting a first document, comprising the steps of:
generating first and second level document keys;
encrypting a first section (130) of said first document with said first level document key and encrypting said first and a second section (135) of said first document with said second level document key;
forming a second document (220) or a portion (520) of said document, said second document or said portion containing said first and second level document keys;
transmitting said first document or said first and second documents as appropriate to the choice in said step of forming.

2. A method as in claim 1, wherein said first and second level document keys are symmetric keys.

3. A method as in claim 1, further comprising receiving at least two public keys from a recipient, said step of forming including encrypting said second document such that a corresponding set of said first and second level document keys is made available by decryption using a first of said at least two public keys and such that a corresponding other set of said first and second level document keys is made available by decryption using said second of said at least two public keys.

4. A method as in claim 3, wherein said step of encrypting including encrypting a first of said at least two public keys in a first portion of said second document or first document portion and encrypting a first and second of said at least two public keys in a second portion of second document or first document portion.

5. A method as in claim 3, wherein said first and second level document keys are symmetric keys.

6. A method as in claim 1, wherein said step of transmitting includes encrypting said first document or said first and second documents as appropriate to the choice in said step of forming.

7. A method of encrypting a document, comprising the steps of:
encrypting a first portion of a document using a first key;
encrypting a second portion of said document using a second key;
encrypting a result of said first and second steps of encrypting using a third key, being a public key of a recipient.

8. A method of encrypting a document as in claim 7, wherein said first key is a first public key of said recipient and said second key is a second public key of said recipient.

9. A method of encrypting a document as in claim 7, wherein said first key is a first symmetric key and said second key is a second symmetric key, and the method includes the step of encrypting said first symmetric key with a public key.

10. A method as in claim 9, wherein said second portion includes a part of said first portion, said part having been encrypted with said first symmetric key.

11. A method of encrypting a document as in claim 9, comprising the step of encrypting said second symmetric key with a second public key.

12. A method of securely providing access to first and second readers of a document, comprising the steps of:
transmitting to a sender of a document, public keys corresponding to readers of said document, said public keys being used to encrypt said document;
receiving encrypted data from said sender;
decrypting a portion of said encrypted data using a private key corresponding to one of said public keys;
a result of said first step decrypting being the accessing of a portion of said data corresponding to said one of said public keys;
decrypting a portion of said encrypted data using a private key corresponding to another of said public keys;
result of said second step decrypting being the accessing of a portion of said data corresponding to said other of said public keys.

13. A method as in claim 12, wherein said first and second steps of decrypting each include decrypting a portion of said data to unlock a respective set of encryption keys.

14. A method as in claim 12, wherein said first and second steps of decrypting further include using said respective set of encryption keys to unlock at least a portion of said encrypted data to provide access to only a portion of said document.

15. A method as in claim 12, wherein said first and second steps of decrypting further include using said respective set of encryption keys to unlock at least a portion of said encrypted data to provide access to said document.

16. A data file (95+220), comprising:
an encryption protected document (95, 595) containing a key portion (520) and an encrypted document portion (585);
said key portion being at least partly decryptable with a first public key to provide access to a first symmetric key;
said key portion being at least partly decryptable with a second public key to provide access to a second symmetric key;
a first portion (210) of said encrypted document portion being decryptable with said first symmetric key and a second portion (215) of said encrypted document portion being decryptable with said second symmetric key.

17. A data file containing:
an encrypted document (95) and at least two encryption keys;
said encryption keys being encrypted such as to be accessible using at least two public keys and such that a first portion (130) of said encrypted document is accessible by decrypting with a first subset of said encryption keys, said first subset being decryptable using a first of said at least two public keys, and such that a second portion of said encrypted document is accessible by decrypting with a second subset of said encryption keys, said second subset being decryptable using a second of said at least two public keys.

18. A data set stored on a data storage medium, comprising:
a document encrypted in portions using respective keys to encrypt said portions;
a first portion of said document being encrypted with a first of said respective keys;
a second portion of said document being encrypted with a second of said respective key,
said first and second respective keys being encrypted in a file such as to permit decryption of said first key by a first private key and to permit decryption of said second key by a second private key.

19. A data set stored on a data storage medium, comprising:
document encrypted in portions using respective keys to encrypt said portions;
a first portion of said document being encrypted with first and second of said respective keys;
a second portion of said document being encrypted with said first respective key;
said first and second respective keys being encrypted in a file such as to permit decryption of said first and second keys by a first private key and to permit decryption of said first key by a second private key.

20. A document decrypting program stored on a data storage medium, comprising:
code defining a process capable of selectively decrypting a portion of a data set using a respective key, said portion yielding a respective set of further keys upon decryption;
code defining a further process capable of retrieving from said data set portions of a document corresponding to said respective set of further keys to provide access to only portions of said document corresponding to respective key.

21. A stored program as in claim 20, wherein said respective key is a public key.

22. A stored program as in claim 20, wherein each of said set of further keys is unique to said document.

23. A stored program as in claim 20, wherein each of said set of further keys is a symmetric key.